The latest (but not greatest) forms of payments fraud

Adyen risk expert Attila Dogan weighs in on high-tech scams and offers tips for merchants on how to combat them.

It’s a whole new era in payments fraud, and criminals are stepping up their games.

For years, fraudsters sifted through the dark web and other shady domains to get their hands on what seemed to be a holy grail: compromised credit card numbers. But these days, compromised cards may be the least of a merchant’s worries.

What’s scarier, for both consumers and companies trying to sell to them, is that more critical, personal information – social security numbers or your mother’s maiden name, for example – could live on the internet in places where criminals can find it.

“If your social security number is out there, it’s not like you can replace it,” says Attila Dogan, a fraud expert and Head of RevenueProtect at Adyen. “A criminal could take the number, apply in your name, and ruin your credit score or your relationship with banks. This form of identity theft is very painful.”

Adyen's Head of RevenueProtect, Attila Dogan.

Payments fraud to watch out for

For companies, new flavors of fraud have become bigger headaches, as the plots to steal money become more elaborate and the tools used more technologically sophisticated. Online marketplaces and other ecommerce sites are increasingly popular. But they can be particularly rife with scams, as both buyers and sellers are susceptible to fraudulent practices.

Below, a few of the latest types of fraud and tips for merchants on fraud prevention.

Account takeovers
As consumers buy more and more on the internet, criminals have learned that too many shoppers use the same login and password in every part of their life. Is your email password the same as your bank account password and the same for all your shopping sites? Look out. Thieves know that once they get one login and password combo, they can try those same details on many platforms until they strike pay dirt.

Card testing
This is not a new type of fraud, but it has lately gotten a technological twist. The basic premise behind card testing: criminals obtain large batches of compromised credit cards on darknets that they need to validate before they commit crimes (stealing goods and services they plan to sell at a profit later). To speed up this process, fraudsters increasingly rely on automated tools that send trustworthy-looking orders in small amounts to unsuspecting merchants. The massive scale of these attempts sometimes resembles distributed denial of service attacks (DDoS) that cause real harm to the businesses in question, driving up costs and harming their payment conversions.

Refund fraud
Refund fraud happens on the customer end of an order placed over the internet. This is also called “friendly fraud” or “buyer liars.” All a customer has to do is claim they didn’t receive a package or product, and the business is likely to eat the cost. A customer may also claim that a product was damaged in some way and demand a refund, another loss for the business. To be sure, a handful of such losses is expected for any business. But at scale, thousands of fraudulent refunds can cost online marketplaces millions of dollars.

Collusion
Money laundering – a very old type of fraud indeed – gets a new life in today’s online marketplaces. When the buyer and seller of an item or service are indeed the same person or work together, traditional KYC (Know Your Customer) processes might find this hard to detect. Given money laundering is often tied to the drug trade and financing terrorism, legislators do hold all actors accountable and criminals target a vast number of different international businesses.

What merchants can do:

Choose a payments partner with a long track record of dealing with fraud, and a partner with extensive ecommerce experience. If you’re running a marketplace, make sure your KYC and AML screening processes are airtight and ideally upgraded through the use of a robust fraud management solution designed for this type of fraud.

Device fingerprinting. Once seen as the silver bullet in fraud prevention, traditional means of device fingerprinting are losing their value proposition in today’s world of strong browser configurations that allow users (friend or foe) to anonymize their online persona. Choose a partner that solves this by going beyond the traditional device fingerprint by creating virtual identities that dynamically link all attributes of a potential attacker.

Check in frequently with your customer. Send alerts at nearly every step of the buying and delivery process. Is the person aware that they have bought the item? Or that it shipped? Rather than being annoying, the alerts are best practices that ensure a purchase is legitimate and a customer is who they say they are. It’s also a failsafe against the merchant losing money.

Invest in the right technology and ideally build some experience in-house. Sometimes, perception is half the battle. Creating awareness around your anti-fraud measures is key, since fraudsters will at least try to attack every business that is somewhat customer-facing.

To be sure, not all fraud is preventable. But choosing the right payments partner can help you cut down on risk. Adyen’s unique fraud prevention tools take a data-driven approach to fraud detection, reducing manual work and helping you gain full visibility into your payment transactions.